iSCSI unauthorized access vulnerability, tens of thousands of iSCSI are likely to be affected-vulnerability warning-the black bar safety net

2019-04-18T00:00:00
ID MYHACK58:62201993733
Type myhack58
Reporter 佚名
Modified 2019-04-18T00:00:00

Description

!

Overview iSCSI Internet Small Computer System Interface Internet small computer system interface, also known as IP-SAN, is an Internet-based and SCSI-3 protocols storage technology, by the IETF, proposed, and 2003 2 May 11, became the official standard. 2019 4 December 17, white cap sinks a security research Institute(hereinafter referred to as the white cap sinks after FOFA system analysis, found that there are many not authorized to access the iSCSI security risks, any attacker can unauthorized access of iSCIS to access, modify, delete and other operations, the user will cause data leakage, data loss and other risks. According to the FOFA system for nearly a year statistics show that the current global total of 34564 iSCSI Protocol open to non-vulnerability. Wherein, the first in China, a total of 8726 a open to the public; the second is South Korea, a total of 3688; a third is the United States, a total of 3662; fourth is Russia, a total of 2602. ! iSCSI global distribution only distribution case, the non-vulnerability situation Mainland China opened a total of 5337. Wherein, Guangdong province, the first, a total of 768; the second is Beijing, a total of 699; and the third is in Jiangsu province, a total of 511; fourth, Zhejiang province, a total of 492; the fifth is Shanghai, a total of 365. ! iSCSI in mainland China distribution only distribution case, the non-vulnerability situation

The vulnerability principle and the harm iSCSI utilizes TCP/IP ports 860 and 3260 as a communication channel. Through the two portion of the computer between the use of iSCSI Protocol to exchange SCSI commands, so the computer can be through a high-speed Local Area Network Assembly line to put SAN simulate a local storage device. The vulnerability mainly by poor configuration leading to unauthorized access vulnerability. Any attacker can use linux system or windows system I use is Windows 10 and Windows Server 2012 version, other Windows version may be their own view of the software to connect, after a successful connection, you can manage the remote disk, view, delete, modify files and other operations. If you want to connect to the iSCSI, you can use the Windows system comes with the iSCSI Initiator program to connect a linux system you can install the appropriate software, management software there are multiple, self-search. Such as: iscsi-initiator-utils.) To make the connection. Also note that Windows uses iSCSI, you need to start the msiscsi service. For the first time using an iSCSI Initiator will be prompted, click is can directly start the service. Through the Windows iSCSI Initiator Quick Connect feature for quick connection or through an iSCSI discovery portal function to add the IP address, according to the list of Gateway target, select the target name to connect, the connection is successful. After a successful connection, you can in Computer Management Disk Management see the disk. Here the disk may appear to be offline or to the initialization state, etc., in Windows Explorer will not display the disk drive letter, then simply drag the hard disk online, initialize, assign the disk a drive letter, etc. to view the disk file. While Wnidows system in iSCSI support the command line, start the msiscsi service after you can use the iscsicli command to the iSCSI to manage. the linux system there are many tools, using search engine you can search to the relevant tools and instructions for use. Since the author has not used, there is no explanation, everyone can be their own attempt. ! Windows Server 2012 iSCISI connection is successful screenshot

Vulnerability Through the communication Protocol features, directly through the FOFA search to the presence of unauthorized access to network assets. It is not authorized to access the flag to authmethod=None. Currently, the FOFA system nearly a years data show that the global total 17733 presence of iSCSI there is an unauthorized access vulnerability and could be exploited by attackers to. Wherein, the first in China, a total of 5166; the second is the United States, a total of 2020; third is South Korea, a total of 1514; the fourth is Russia, a total of 1026. Accessible http://t.cn/EXY0o4w view the world affected the situation(such as a connected issue, by of https://fofa. so website search protocol==”iscsi” && banner=”authmethod=None” to view). ! iSCSI global presence is not authorized features of the distribution In mainland China, a total of 4084 presence of iSCSI there is an unauthorized access vulnerability and could be exploited by attackers to. Wherein, Guangdong province, the first, a total of 600; the second is Beijing, a total of 563; and the third is in Jiangsu province, a total of 372; fourth, Zhejiang province, a total of 362; the fifth is Shanghai, a total of 304. ! iSCSI in mainland China, the presence of unauthorized characteristics affect the distribution

Vulnerability hazard rating High-risk CVE number No Repair recommendations Due to The Associated ISCSI software and hardware environment is different, please according to their actual situation to modify the configuration file, add the authentication users. Reference source [1] https://baike.baidu.com/item/iSCSI/2169135 [2] http://t.cn/EXY0o4w (such as a connected issue, by of https://fofa. so website search protocol==”iscsi” && banner=”authmethod=None” to view)